MidPoint version 3.1 is named after Mimar Sinan, one of the greatest Turkish architects. By doing so we would like to express a special thanks to our Turkish partner Biznet for their contribution to the midPoint project and for their loyal support.
Release 3.1.1 is a twelfth midPoint release. It is also the first maintenance update for 3.1.x version family code-named Sinan. The 3.1.1 release brings bugfixes and minor improvements.
|Release date||24 April 2015|
|Release type||Maintenance release|
|End of support||02 February 2017|
Mimar Sinan (1489-1588) was the chief Ottoman architect and civil engineer. He was responsible for the construction of more than 300 structures ranging from simple roads to magnificent marvels of architecture. The list of his works is very long and it includes surprisingly high number of civic structures that provided benefit to the society: colleges, bath-houses, inns, public kitchens, bridges, store houses, granaries, schools, aqueducts and hospitals. Sinan remained in the post of chief architect for almost fifty years which made him one of the most productive and versatile architect in history.
Much alike many of Sinan's structures MidPoint version 3.1 brings stability, usability and other benefits to midPoint users. User interface improvements makes midPoint accessible to a broad user community. Diagnostics and stability improvements contribute to easy operation and maintenance of midPoint deployments. Similarly to Sinan himself MidPoint 3.1 is meant to be very productive and versatile. It can be deployed surprisingly quickly and supports wide variety of deployment types. MidPoint 3.1 is suitable for management of enterprise employee identities, customer identities, Internet identities or any kind of identities in almost any kind of environment.
Majority of the work on the Sinan release was done by the Evolveum team. However, this release would not be possible without the help of our partners, customers, contributors, friends and families. We would like to express a great gratitude to all the people that contributed to the midPoint project.
We would also like to thank:
Slovak Centre of Scientific and Technical Information for their support in developing connectors for SAS, AIX and also supporting and testing other midPoint features. We would also like to thank our partner INFOkey for their great cooperation.
Deepak Natarajan from Axapoint for the help with testing midPoint and especially for a very valuable feedback and ideas.
The IT professionals from Union who helped to shape midPoint by their feedback and support.
Confluxsys for their valuable ideas and help with midPoint testing.
AMI Praha, PosAm and Datalan for their continuous support and cooperation.
Jason Everling for the real academic use cases testing and great feedback and improvement proposals.
Mauro Graziosi for his contribution of a spanish translation.
… and many others that we regrettably cannot mention yet.
midPoint 3.1 provides following features:
Basic user data model suitable for easy integration
Numerous built-in properties based on IDM de-facto standards (LDAP inetOrgPerson, FOAF, …) and experience
Extensibility by custom properties
Off-the-shelf support for user password credentials
Off-the-shelf support for user activation
Enabled/disabled states (extensible in the future)
Support for user validity time constraints (valid from, valid to)
Object template to define policies, default values, etc.
Ability to use conditional mappings (e.g. to create RB-RBAC setup)
Ability to include other object templates
Global and resource-specific template setup
Account provisioning (create, read, update, delete accounts)
Support for mapping and expressions to determine account attributes
Support of multi-value attributes
Processing and computation fully based on relative changes
Higher-order dependencies (enables partial support for circular provisioning dependencies)
Provisioning robustness - ability to provision to non-accessible (offline) resources
Provisioning consistency - ability to handle provisioning errors and compensate for inconsistencies
Support for tolerant attributes
Ability to select tolerant and non-tolerant values using a pattern (regexp)
Matching rules to support case insensitive attributes (extensible)
Ability to execute scripts before/after provisioning operations
Advanced support for account activation (enabled/disabled states)
Standardized account activation that matches user activation schema for easy integration
Ability to simulate activation capability if the connector does not provide it
Support for account lock-out
Support for account validity time constrains (valid from, valid to)
Support easy activation existence mappings (e.g. easy configuration of "disables instead of delete" feature)
Support for mapping time constraints in activation mappings that allow configuring time-related provisioning features such as deferred account delete or pre-provisioning.
Ability to specify set of protected accounts that will not be affected by IDM system
Integration of Identity Connector Framework (ConnId)
Support for Evolveum Polygon connectors
Support for ConnId connectors
Support for OpenICF connectors
Unified Connector Framework (UCF) layer to allow more provisioning frameworks in the future
Automatic generation and caching of resource schema from the connector
Support for connector hosts and remote connectors, identity connector and connectors host type
Remote connector discovery
Web-based administration GUI (AJAX)
Ability to execute identity management operations on users and accounts
Account-centric views (browse and search accounts directly)
Layout automatically adapts to screen size (e.g. for mobile devices)
Easily customizable look & feel
Built-in XML editor for identity and configuration objects
Flexible identity repository implementations and SQL repository implementation
Keeping metadata for all objects (creation, modification, approvals)
Automatic repository cleanup to keep the data store size sustainable
Ability to execute scripts before/after reconciliation
Correlation and confirmation expressions
Conditional correlation expressions
Concept of channel that can be used to adjust synchronization behaviour in some situations
Generic Synchronization allows synchronization of roles to groups to organizational units to … anything
Advanced RBAC support and flexible account assignments
Conditional roles and assignments/inducements
Parametric roles (including ability to assign the same role several times with different parameters)
Temporal constraints (validity dates: valid from, valid to)
Advanced internal security mechanisms
Fine-grained authorization model
Several assignment enforcement modes
Ability to specify global or resource-specific enforcement mode
Ability to "legalize" assignment that violates the enforcement mode
Built-in libraries with a convenient set of functions
PolyString support allows automatic conversion of strings in national alphabets
Mechanism to iteratively determine unique usernames and other identifiers
Reporting based on Jasper Reports
Comprehensive logging designed to aid troubleshooting
Rule-based RBAC (RB-RBAC) ability by using conditional mappings in user template
Auditing to file (logging)
Auditing to SQL table
Partial multi-tenancy support
Lightweight deployment structure
Support for Apache Tomcat web container
Import from file and resource
Protected accounts (accounts that will not be affected by midPoint)
Segregation of Duties (SoD)
Export objects to XML
Enterprise class scalability (hundreds of thousands of users)
API accessible using a web service, REST and local JAVA calls
Workflow support (based on Activiti)
Schema documentation automatically generated from the definition (schemadoc)
Improved web service auditing and error handling and error responses
Extended model client utilities
Support for enumerated property values
Support for value lookup tables
GUI support for role owner and risk level
Improved role selection (support for role type)
Role assignment constraints: minimum and maxim role assignees
Significantly improved reporting
Plug-in for Jaspersoft studio to design new reports
Support for CAS integration
Schema refinement by using object template
$actor variable in mappings
Resource wizard improvements
Web service error handling improvements
Improved support for organization managers
Improved workflow handlers
Various GUI usability improvements
Improved role and organization user interface.
Improved entitlement GUI.
Notification support for roles and organizations.
GUI progress indicator for provisioning operations.
Support for account lock-out attributes. Also for lock-out attributes simulation.
Conditional roles and assignments/inducements.
Changes in assignment parameters are provisioned immediately, reconciliation is no longer needed.
OID-bound mode for attributes.
Multi-tenancy improvements in GUI.
Generic synchronization improvements in GUI.
Improved provisioning dependencies.
Support for iteration in inbound expressions (object template)
Significant performance improvement
Improved performance of organization structure ("org closure table").
Improved import and reconciliation performance (parallelization).
Polygon versions of LDAP, DBTable and CSVFile connectors (see this mailing list post)
Significantly improved paging support in LDAP connector
Support for case-insensitive attribute names.
Improved authorization and delegated administration support in GUI.
Support for "priority attributes" to work around some connector problems.
Improved reporting engine based on Jasper Reports.
Numerous user experience improvements.
Release 3.1.1 (Sinan Update 1) is intended for full production use in enterprise environments. All features are stable and well tested.
MidPoint is known to work well in the following deployment environment. The following list is list of tested platforms, i.e. platforms that midPoint team or reliable partners personally tested this release. The version numbers in parentheses are the actual version numbers used for the tests. However it is very likely that midPoint will also work in similar environments. Also note that this list is not closed. MidPoint can be supported in almost any reasonably recent platform (please contact Evolveum for more details).
OpenJDK 7 (1.7.0_65)
Sun/Oracle Java SE Runtime Environment 7 (1.7.0_45, 1.7.0_40, 1.7.0_67, 1.7.0_72)
Sun/Oracle Java SE Runtime Environment 8 (runtime only)
Please note that Java 6 environment is no longer supported.
Apache Tomcat 6 (6.0.32, 6.0.33, 6.0.36)
Apache Tomcat 7 (7.0.29, 7.0.30, 7.0.32, 7.0.47, 7.0.50)
Apache Tomcat 8 (8.0.14)
Sun/Oracle Glassfish 3 (3.1)
BEA/Oracle WebLogic (12c)
H2 (embedded, only recommended for demo deployments)
PostgreSQL (8.4.14, 9.1, 9.2, 9.3)
Supported MySQL version is 5.6.10 and above (with MySQL JDBC ConnectorJ 5.1.23 and above).
MySQL in previous versions didn’t support dates/timestamps with more accurate than second fraction precision.
Oracle 11g (126.96.36.199.0)
Microsoft SQL Server (2008, 2008 R2, 2012)
Following list contains platforms that midPoint is known not to work due to various issues. As these platforms are obsolete and/or marginal we have no plans to support midPoint for these platforms.
Java 6 and older
Sun/Oracle GlassFish 2
|Release Form||Download||Install Instructions|
Java API JavaDoc
Upgrade from version 2.x is possible but it is not publicly supported. It requires several manual steps. Evolveum provides this upgrade as part of the subscription or professional services.
Upgrade path from MidPoint 3.0 goes through midPoint 3.1. Upgrade to midPoint 3.1 first (refer to the midPoint 3.1 release notes). Then upgrade from midPoint 3.1 to 3.1.1.
MidPoint 3.1.1 data model is backwards compatible with midPoint 3.1. However as the data model was extended in 3.1.1 the database schema needs to be upgraded using the usual mechanism.
MidPoint has a built-in set of "initial objects" that it will automatically create in the database if they are not present.
This includes vital objects for the system to be configured (e.g. role
superuser and user
administrator). These objects may change in some midPoint releases.
But to be conservative and to avoid configuration overwrite midPoint does not overwrite existing objects when they are already in the database.
This may result in upgrade problems if the existing object contains configuration that is no longer supported in a new version.
Therefore the following list contains a summary of changes to the initial objects in this midPoint release.
The complete new set of initial objects is in the
config/initial-objects directory in both the source and binary distributions.
Although any problems caused by the change in initial objects is unlikely to occur, the implementors are advised to review the following list and assess the impact on case-by-case basis:
010-value-policy: Allow no password
020-system-configuration: explicitly disabled auditing
030-role-superuser, 040-role-enduser.xml: roleType set to "system"
090-report-audit, 100-report-reconciliation, 110-report-user-list, 111-report-reconciliation-shadow-owner: completely new report setting
107-report-user-accounts, 108-report-user-orgs, 109-report-user-roles: deleted
midPoint is roughly based on OpenIDM version 1. When compared to OpenIDM v1, midPoint code was made significantly "lighter" and provides much more sophisticated features. Although the architectural outline of OpenIDM v1 is still guiding the development of midPoint almost all the OpenIDM v1 code was rewritten. MidPoint is now based on relative changes and contains advanced identity management mechanisms such as advanced RBAC, provisioning consistency and other advanced IDM features. MidPoint development is independent for more than two years. The development pace is very rapid. Development team is small, flexible and very efficient. Contributions are welcome.
For the full project background see the midPoint History page.